Bug 176674 - app-emulation/qemu Several vulnerabilities (CVE-2007-{132[0-3]|1366} )
Bug#: 176674
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0001.html
Summary: app-emulation/qemu Several vulnerabilities (CVE-2007-{132[0-3]|1366} )
Keywords:
Status Whiteboard: B3 [noglsa] jaervosz
Opened: 2007-05-01 12:34 0000

Debian Security Advisory DSA 1284-1    security@debian.org
http://www.debian.org/security/        Moritz Muehlenhoff
May 1st, 2007                          http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : qemu
Vulnerability : several
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366

Several vulnerabilities have been discovered in the QEMU processor
emulator, which may lead to the execution of arbitrary code or denial of
service. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1320
    Tavis Ormandy discovered that a memory management routine of the Cirrus
    video driver performs insufficient bounds checking, which might
    allow the execution of arbitrary code through a heap overflow.

CVE-2007-1321
    Tavis Ormandy discovered that the NE2000 network driver and the socket
    code perform insufficient input validation, which might allow the
    execution of arbitrary code through a heap overflow.

CVE-2007-1322
    Tavis Ormandy discovered that the "icebp" instruction can be abused to
    terminate the emulation, resulting in denial of service.

CVE-2007-1323
    Tavis Ormandy discovered that the NE2000 network driver and the socket
    code perform insufficient input validation, which might allow the
    execution of arbitrary code through a heap overflow.

CVE-2007-1366
    Tavis Ormandy discovered that the "aam" instruction can be abused to
    crash qemu through a division by zero, resulting in denial of
    service.

For the oldstable distribution (sarge) these problems have been fixed in
version 0.6.1+20050407-1sarge1.

For the stable distribution (etch) these problems have been fixed
in version 0.8.2-4etch1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your qemu packages.
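
The two instruction-level denial-of-service entries in the advisory above (CVE-2007-1322, "icebp", and CVE-2007-1366, "aam") come down to one rule for an emulator: a condition the guest can trigger has to end as a guest exception, not as a fault or exit of the host process. The C sketch below is an added illustration, not code from QEMU or from this bug report; the `guest` struct, `do_aam` and `run_guest` are hypothetical names, and the interpreter models only four opcodes.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy guest state for this example; hypothetical names, not QEMU's types. */
enum { VEC_NONE = -1, VEC_DE = 0, VEC_DB = 1, VEC_UD = 6, VEC_GP = 13 };
struct guest {
    uint8_t al, ah;
    size_t  ip;     /* offset of the next instruction in the code buffer */
    int     fault;  /* x86 vector queued for the guest, or VEC_NONE */
};

/* AAM imm8: AH = AL / imm8, AL = AL % imm8. A zero operand must become a
 * guest #DE; dividing on the host unchecked faults the emulator itself. */
static int do_aam(struct guest *g, uint8_t base)
{
    if (base == 0)
        return VEC_DE;              /* guest registers stay untouched */
    g->ah = g->al / base;
    g->al = g->al % base;
    return VEC_NONE;
}

/* Run until HLT, end of buffer, or a guest exception; returns the vector.
 * Guest-triggerable conditions are queued for the guest, never abort(). */
int run_guest(struct guest *g, const uint8_t *code, size_t len)
{
    g->ip = 0;
    g->fault = VEC_NONE;
    while (g->ip < len && g->fault == VEC_NONE) {
        size_t start = g->ip;
        uint8_t op = code[g->ip++], imm = 0;
        /* Opcodes with an imm8; a fetch past the buffer is modelled as #GP. */
        if (op == 0xB0 || op == 0xD4) {
            if (g->ip >= len) { g->fault = VEC_GP; g->ip = start; break; }
            imm = code[g->ip++];
        }
        switch (op) {
        case 0xB0: g->al = imm; break;                 /* MOV AL, imm8 */
        case 0xD4: g->fault = do_aam(g, imm); break;   /* AAM imm8 */
        case 0xF1: g->fault = VEC_DB; break;           /* ICEBP: debug trap */
        case 0xF4: return VEC_NONE;                    /* HLT */
        default:   g->fault = VEC_UD; break;           /* not modelled here */
        }
        if (g->fault != VEC_NONE && g->fault != VEC_DB)
            g->ip = start;          /* faults restart at the instruction */
    }
    return g->fault;
}
```

A regression test for this class of bug feeds the emulator the zero-operand and debug-trap cases and checks that `run_guest` returns a vector with the host still running.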
*** Bug 176955 has been marked as a duplicate of this bug. ***
lu_zero please advise and bump as necessary.
qemu-0.9 is in portage; I'd advise using it, since it also has major feature
and performance improvements.
Thx Luca.
Arches please test and mark stable. Target keywords are:
qemu-0.9.0.ebuild:KEYWORDS="amd64 ppc x86"
@Luca: Can you handle the stabilization for ppc, please?
This one is ready for GLSA decision. I tend to vote NO.
I vote Yes (buffer overflows -> B2 or B1, I don't really understand why you
have voted no)
I'm not familiar with qemu. If they use the NE2000 and the Cirrus by default
for virtualization I would vote yes. I assumed that you needed the hardware...
Closing with [noglsa] since most of the votes are No. Feel free to reopen if you
disagree.